Example usage for org.apache.shiro.util PermissionUtils toPermissionStrings

List of usage examples for org.apache.shiro.util PermissionUtils toPermissionStrings

Introduction

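This page collects usage examples for org.apache.shiro.util.PermissionUtils.toPermissionStrings. The examples differ in whether they check the returned set for null before using it, which matters when the input string is empty.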

Prototype

public static Set<String> toPermissionStrings(String permissionsString) 


Usage

From source file:org.apache.access.provider.file.SimplePolicyEngine.java

License:Apache License

/**
 * Resolves the privileges granted to each group from the roles and groups sections of a
 * policy file.
 *
 * <p>The roles section maps a role name to a privilege string, which is split with
 * {@link PermissionUtils#toPermissionStrings(String)}. The groups section maps a group name
 * to a list of role names. Each group receives the union of the privileges of the roles it
 * lists.
 *
 * @param database database name handed to every {@link RoleValidator}; may be {@code null}
 * @param rolesSection role name to privilege string entries
 * @param groupsSection group name to role list entries
 * @return immutable multimap from group name to the privilege strings resolved for that group
 */
private ImmutableSetMultimap<String, String> parsePermissions(@Nullable String database,
        Ini.Section rolesSection, Ini.Section groupsSection) {
    List<? extends RoleValidator> validators = Lists.newArrayList(new ServersAllIsInvalid(),
            new DatabaseMustMatch(), new DatabaseRequiredInRole(), new ServerNameMustMatch(serverName));
    Multimap<String, String> privilegesByRole = HashMultimap.create();
    ImmutableSetMultimap.Builder<String, String> groupPrivileges = ImmutableSetMultimap.builder();

    // Pass 1: collect the privileges of every well-formed role.
    for (Map.Entry<String, String> roleEntry : rolesSection.entrySet()) {
        String roleName = Strings.nullToEmpty(roleEntry.getKey()).trim();
        String roleValue = Strings.nullToEmpty(roleEntry.getValue()).trim();

        boolean nameMissing = roleName.isEmpty();
        if (nameMissing) {
            LOGGER.warn("Empty role name encountered in {}", resourcePath);
        }
        boolean valueMissing = roleValue.isEmpty();
        if (valueMissing) {
            LOGGER.warn("Empty role value encountered in {}", resourcePath);
        }
        // A duplicate definition is only warned about: the putAll below adds the repeated
        // definition's privileges to those already stored for the role, so a duplicate
        // widens the role instead of replacing or rejecting it.
        if (privilegesByRole.containsKey(roleName)) {
            LOGGER.warn("Role {} defined twice in {}", roleName, resourcePath);
        }

        Set<String> privileges = PermissionUtils.toPermissionStrings(roleValue);
        // Entries with an empty name or value, or with no parsed privileges, grant nothing.
        if (nameMissing || valueMissing || privileges == null) {
            continue;
        }
        for (String privilege : privileges) {
            for (RoleValidator validator : validators) {
                // NOTE(review): presumably validate() rejects a bad privilege by throwing;
                // its return value is not used here - confirm against RoleValidator.
                validator.validate(database, privilege.trim());
            }
        }
        privilegesByRole.putAll(roleName, privileges);
    }

    // Pass 2: expand each group's role list into the privileges collected above.
    Splitter roleSplitter = ROLE_SPLITTER.omitEmptyStrings().trimResults();
    for (Map.Entry<String, String> groupEntry : groupsSection.entrySet()) {
        String groupName = Strings.nullToEmpty(groupEntry.getKey()).trim();
        String roleList = Strings.nullToEmpty(groupEntry.getValue()).trim();
        Collection<String> resolved = Sets.newHashSet();
        for (String roleName : roleSplitter.split(roleList)) {
            if (!privilegesByRole.containsKey(roleName)) {
                // Unknown roles contribute no privileges; they are logged and skipped.
                LOGGER.warn("Role {} for group {} does not exist in privileges section in {}",
                        new Object[] { roleName, groupName, resourcePath });
                continue;
            }
            resolved.addAll(privilegesByRole.get(roleName));
        }
        groupPrivileges.putAll(groupName, resolved);
    }
    return groupPrivileges.build();
}

From source file:org.apache.isis.security.shiro.permrolemapper.PermissionToRoleMapperFromIni.java

License:Apache License

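/**
 * Builds the role-to-permissions mapping from the roles section of the given INI, using the
 * same logic as in {@link IniRealm}.
 *
 * <p>The mapping is a transforming view over the section: each role's permission string is
 * parsed with {@link PermissionUtils#toPermissionStrings(String)} when the entry is read. A
 * role whose value yields no permission strings maps to an empty list, so it grants nothing.
 *
 * @param ini the INI configuration holding the section named by
 *            {@link IniRealm#ROLES_SECTION_NAME}
 */
public PermissionToRoleMapperFromIni(Ini ini) {
    // NOTE(review): getSection presumably returns null when the INI has no roles section,
    // which Maps.transformEntries would reject - confirm how callers guarantee the section.
    Map<String, String> section = ini.getSection(IniRealm.ROLES_SECTION_NAME);
    this.permissionsByRole = Maps.transformEntries(section,
            new EntryTransformer<String, String, List<String>>() {

                @Override
                public List<String> transformEntry(String key, String value) {
                    // toPermissionStrings can return null when the value holds no tokens;
                    // copying null would throw on lookup, so map it to "no permissions".
                    Iterable<String> parsed = PermissionUtils.toPermissionStrings(value);
                    if (parsed == null) {
                        return Lists.newArrayList();
                    }
                    return Lists.newArrayList(parsed);
                }
            });
}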

From source file:org.apache.sentry.policy.common.PrivilegeUtils.java

License:Apache License

/**
 * Splits a privilege string into its individual privilege strings by delegating to
 * {@link PermissionUtils#toPermissionStrings(String)}.
 *
 * @param s the privilege string to split
 * @return the delegate's result, passed through unchanged. NOTE(review): the delegate
 *         appears to return {@code null} rather than an empty set when {@code s} holds no
 *         tokens, so callers should null-check - confirm against the Shiro version in use.
 */
public static Set<String> toPrivilegeStrings(String s) {
    Set<String> privileges = PermissionUtils.toPermissionStrings(s);
    return privileges;
}

From source file:org.qi4j.library.shiro.concerns.SecurityConcern.java

License:Open Source License

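/**
 * Enforces the permissions named by the {@code requiresPermissions} annotation, when one is
 * present, against the calling subject.
 *
 * <p>The annotation value is split with {@link PermissionUtils#toPermissionStrings(String)}.
 * The subject must hold every resulting permission. If the value yields no permission
 * strings, the invocation is denied instead of failing with a
 * {@link NullPointerException} or passing an empty requirement to the subject.
 *
 * @param subject the subject whose permissions are checked
 * @throws UnauthorizedException if the subject lacks a required permission, or if no
 *         permission could be parsed from the annotation value
 */
private void handleRequiresPermissions(Subject subject) {
    if (requiresPermissions == null) {
        LOGGER.debug("SecurityConcern::RequiresPermissions: not concerned");
        return;
    }
    LOGGER.debug("SecurityConcern::RequiresPermissions");
    String permsString = requiresPermissions.value();
    Set<String> permissions = PermissionUtils.toPermissionStrings(permsString);

    // Fail closed: toPermissionStrings can return null when the value holds no tokens. A
    // permission check with nothing to check must not let the call through.
    if (permissions == null || permissions.isEmpty()) {
        String msg = "No required permission could be parsed from [" + permsString + "].  "
                + "Method invocation denied.";
        throw new UnauthorizedException(msg);
    }

    if (permissions.size() == 1) {
        if (!subject.isPermitted(permissions.iterator().next())) {
            String msg = "Calling Subject does not have required permission [" + permsString + "].  "
                    + "Method invocation denied.";
            throw new UnauthorizedException(msg);
        }
        return;
    }

    String[] permStrings = permissions.toArray(new String[permissions.size()]);
    if (!subject.isPermittedAll(permStrings)) {
        String msg = "Calling Subject does not have required permissions [" + permsString + "].  "
                + "Method invocation denied.";
        throw new UnauthorizedException(msg);
    }
}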